btrbk compat busybox

host_files/btrbk/narwhal/btrbk.conf

@@ -0,0 +1,34 @@
+transaction_log   /var/log/btrbk.log
+lockfile          /run/lock/btrbk.lock
+timestamp_format  long
+snapshot_create   onchange
+
+snapshot_preserve      24h 7d 0w 0m 0y
+snapshot_preserve_min  latest
+target_preserve        0h 14d 6w 4m 1y
+target_preserve_min    latest
+archive_preserve       0h 1d 1w 1m 1y
+archive_preserve_min   latest
+
+incremental yes
+ssh_identity /etc/btrbk/id_ed25519
+ssh_user btrbk
+backend btrfs-progs-doas
+
+compat_remote busybox
+
+volume /mnt/btr_pool
+  snapshot_dir  btrbk_snapshots
+  target        ssh://suricata/mnt/btr_backup/narwhal
+  subvolume backups
+  subvolume books
+  subvolume certs
+  subvolume data
+  subvolume docker_volumes
+  subvolume home
+  subvolume home-data
+  subvolume http
+  subvolume music
+  subvolume secrets
+  subvolume transmission
+  subvolume videos

host_files/btrbk/suricata/btrbk.conf

@@ -1,9 +1,23 @@
-timestamp_format        long
-snapshot_preserve_min   18h
-snapshot_preserve       48h
+transaction_log   /var/log/btrbk.log
+lockfile          /run/lock/btrbk.lock
+timestamp_format  long
+snapshot_create   onchange
 
-transaction_log /var/log/btrbk.log
+snapshot_preserve      24h 7d 0w 0m 0y
+snapshot_preserve_min  latest
+target_preserve        0h 14d 6w 4m 1y
+target_preserve_min    latest
+archive_preserve       0h 1d 1w 1m 1y
+archive_preserve_min   latest
+
+incremental yes
+ssh_identity /etc/btrbk/id_ed25519
+ssh_user btrbk
+backend btrfs-progs-doas
+
+compat_local busybox
 
 volume /mnt/btr_pool
-  snapshot_dir btrbk_snapshots
+  snapshot_dir  btrbk_snapshots
   subvolume home
+  subvolume rancher_config

roles/btrbk/tasks/main.yml

@@ -23,30 +23,17 @@
     src: "host_files/btrbk/{{ ansible_hostname }}/btrbk.conf"
     dest: /etc/btrbk/btrbk.conf
 
-- name: make btrbk user ssh directory
-  file:
-    state: directory
-    path: /var/lib/btrbk/.ssh
-    owner: btrbk
-
-- name: copy btrbk user ssh key
+- name: copy btrbk ssh key
   copy:
     src: id_ed25519
-    dest: /var/lib/btrbk/.ssh/id_ed25519
+    dest: /etc/btrbk/id_ed25519
     owner: btrbk
     mode: '0400'
 
-- name: copy btrbk user ssh public key
-  copy:
-    src: id_ed25519.pub
-    dest: /var/lib/btrbk/.ssh/id_ed25519.pub
-    owner: btrbk
-    mode: '0644'
-
 - name: copy btrbk user ssh public key to authorized_keys
   copy:
     src: id_ed25519.pub
-    dest: /var/lib/btrbk/.ssh/authorized_keys
+    dest: /etc/ssh/authorized_keys/btrbk
     owner: btrbk
     mode: '0644'
 
@@ -54,7 +41,4 @@
   lbu:
     include:
       - /usr/local/bin/btrbk
-      - /var/lib/btrbk/.ssh/id_ed25519
-      - /var/lib/btrbk/.ssh/id_ed25519.pub
-      - /var/lib/btrbk/.ssh/authorized_keys
   when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]

roles/sshd/tasks/main.yml

@@ -6,6 +6,11 @@
     mode: '0644'
     owner: root
 
+- name: create authorized_keys directory
+  file:
+    state: directory
+    path: /etc/ssh/authorized_keys
+
 - name: setup host ssh certificates
   include_tasks: certs.yml
 

roles/sshd/templates/sshd_config.j2

@@ -38,7 +38,7 @@ PubkeyAuthentication yes
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile	.ssh/authorized_keys
+AuthorizedKeysFile  /etc/ssh/authorized_keys/%u
 
 #AuthorizedPrincipalsFile none